Examiner's Amendment

1. Authorization for this examiner's amendment was given in a telephone interview with
Cindy S. Kaplan, reg. no. 40,043 on August 19, 2008. During the interview, Applicant agrees to 
amend the specification and claims according to the Examiner's Amendment. 

2. An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

3. The application is amended as follows: 

Specification 

4. [Page 13, Lines 18-20, Page 14, Lines 1-13] Fig.4 shows a system block diagram of 
computer system 78 that may be used to execute software of an embodiment of the invention.
The computer system 78 includes memory 82 which can be utilized to store and retrieve software 
programs incorporating computer code that implements aspects of the invention, data for use 
with the invention, and the like. Exemplary computer readable storage media include CD-ROM, 
floppy disk, tape, flash memory, system memory, and hard drive. Additionally, a data signal 
embodied in a carrier wave (e.g., in a network including the Internet) may be the computer
readable storage medium. Computer system 78 further includes subsystems such as a central
processor 80, fixed storage 84 (e.g., hard drive), removable storage 86 (e.g., CD-ROM drive),
and one or more network interfaces 94. Other computer systems suitable for use with the 
invention may include additional or fewer subsystems. For example, computer system 78 may 
include more than one processor 80 (i.e., a multi-processor system) or a cache memory. The 
computer system 78 may also include a display, keyboard, and mouse (not shown) for use as a 
host. 

Claims 

1. Claim 1 (currently amended): A method for providing authorization, authentication,
and accounting (AAA) in a virtual private network having a first AAA server, the method 
comprising: 

receiving a request from a remote user for connection with a virtual private network at a 
virtual home gateway, said virtual home gateway in communication with a second AAA 
server[[;]] which wherein the second AAA server is a service provider server and is not located 
within said virtual private network; 

associating the remote user with the virtual private network at the virtual home gateway, 
wherein associating the remote user comprises receiving a virtual private network [[ID]]
identification (ID) and address of the first AAA server; 

performing a lookup of the address of the first AAA server at the virtual home gateway; 

sending a request to authenticate the remote user with said virtual private network from 
the virtual home gateway to the first AAA server located within said virtual private network; and 

sending a request to the second AAA server to authorize the remote user with said virtual 
private network from the virtual home gateway;

connecting the remote user to the virtual private network if the first AAA server
successfully authenticates the remote user and the second AAA server successfully authorizes 
the remote user; and 

sending accounting information directly to the first AAA server and the second AAA
server from the virtual home gateway;

wherein authentication of the remote user is performed at the first AAA server without 
contacting the second AAA server associated with the virtual home gateway. 

2. Claim 2 (canceled). 

3. Claim 3 (previously presented): The method of claim 1 wherein the virtual private 
network ID binds a profile of the virtual private network to a routing table of the virtual home 
gateway. 

4. Claim 4 (canceled). 

5. Claim 5 (currently amended): The method of [ claim 4 ] claim 1 wherein the second 
AAA server contains the address of the first AAA server. 

6. Claim 6 (original): The method of claim 1 wherein sending a request to authenticate 
the remote user comprises routing the request using a customer routing table of the virtual 
private network. 



7. Claim 7 (original): The method of claim 1 wherein connecting the remote user to the 
virtual private network comprises setting up a PPP session for the remote user.

8. Claim 8 (previously presented): The method of claim 1 further comprising sending
an accounting request to the first AAA server. 

9. Claim 9 (previously presented): The method of claim 8 further comprising sending an 
accounting request to the second AAA server. 

10. Claim 10 (previously presented): The method of claim 9 wherein accounting 
information sent to the first AAA server is different than accounting information sent to the 
second AAA server. 

11. Claim 11 (original): The method of claim 1 wherein associating a remote user with
the virtual private network comprises identifying the virtual private network based on a domain 
name. 

12. Claim 12 (original): The method of claim 1 wherein associating a remote user with 
the virtual private network comprises identifying the virtual private network based on a dial-up 
phone number. 

13. Claim 13 (original): The method of claim 1 wherein associating a remote user with 
the virtual private network comprises identifying the virtual private network based on a circuit 
ID. 

14. Claim 14 (currently amended): A computer-readable storage medium encoded with a 
computer program for providing authorization, authentication, and accounting (AAA) in a virtual
private network having a first AAA server, the computer program comprising:

code that receives a request from a remote user for connection with a virtual private
network at a virtual home gateway, said virtual home gateway in communication with a second 
AAA server which wherein the second AAA server is a service provider server and is not 
located within said virtual private network; 

code that associates the remote user with the virtual private network, at the virtual home 
gateway, wherein code that associates the remote user comprises code that receives a virtual 
private network [[ID]] identification (ID) and address of the first AAA server;

code that performs a lookup for an address of the first AAA server at the virtual home 
gateway; 

code that sends a request to authenticate the remote user with said virtual private network 
from the virtual home gateway to the first AAA server located within said virtual private 
network; 

code that sends a request to the second AAA server to authorize the remote user with said 
virtual private network from the virtual home gateway; 

code that connects the remote user to the virtual private network if the first AAA server 
successfully authenticates the remote user and the second AAA server successfully authorizes 
the remote user;

code that sends accounting information directly to the first AAA server and the second 
AAA servers server from the virtual home gateway; and 

a computer-readable storage medium for storing the codes; 

wherein authentication of the remote user is performed at the first AAA server without
contacting the second AAA server associated with the virtual home gateway. 



15. Claim 15 (canceled).

16. Claim 16 (previously presented): The computer-readable storage medium of claim 14
further comprising code that sends accounting requests to the first AAA server. 

17. Claim 17 (previously presented): The computer-readable storage medium of claim 14 
further comprising code that binds a profile of the virtual private network to a routing table of the 
virtual home gateway. 

18. Claim 18 (currently amended): A system for providing authorization, authentication,
and accounting (AAA) in a virtual private network having a first AAA server, the system 
comprising: 

a virtual home gateway configured to receive requests from a remote user for connection 
with one of a plurality of virtual private networks in communication with the virtual home 
gateway[[,]] ; 

associate the remote user with the virtual private network[[,]];

perform a lookup of the address of the first AAA server[[,]];

send a request to authenticate the remote user from the virtual home gateway to the first 
AAA server located within the virtual private network, and send a request to authorize the 
remote user from the virtual home gateway to the second AAA server located outside the virtual 
private network; 

connect the remote user to the virtual private network said virtual home gateway in 
communication with a second AAA server which is not within said virtual private network, 

if the first AAA server successfully authenticates the remote user and the second AAA 
server successfully authorizes the remote user and; 

send accounting information from the virtual home gateway to the first AAA server and 
the second AAA server; 

a database for storing the address of the first private network AAA server; and

a processor operable to look up the address of the virtual private network first AAA
server based on information received from the remote user so that authentication is performed 
directly between the virtual home gateway and the virtual private network first AAA server 
without contacting the second AAA server associated with the virtual home gateway; 

wherein a virtual private network [[ID]] identification (ID) and address of the first AAA
server is used to associate the remote user with the virtual private network, and wherein the 
virtual home gateway is configured to route the request to authenticate the remote user using a 
customer routing table of the virtual private network, and the second AAA server is a service 
provider server and is not located within the virtual private network,. 

19. Claim 19 (original): The system of claim 18 wherein the information received from 
the remote user is a circuit ID. 

20. Claim 20 (original): The system of claim 18 wherein the information received from 
the remote user is a domain name.

21. Claim 21 (original): The system of claim 18 wherein the information received from 
the remote user is a dial-up phone number. 

22. Claim 22 (canceled). 

23. Claim 23 (previously presented): The system of claim 18 wherein the database 
includes the virtual private network IDs used to bind virtual private network profiles to a routing 
table of the virtual home gateway.

24. Claim 24 (original): The system of claim 23 wherein the virtual home gateway
comprises a plurality of routing tables corresponding to different virtual private networks. 

25. Claim 25 (currently amended): A system for providing authorization, authentication,
and accounting (AAA) in a virtual private network having [[an]] a first AAA server, the system 
comprising: 

means for receiving a request from a remote user for connection with a virtual private 
network at a virtual home gateway, said virtual home gateway in communication with a second 
AAA server which wherein the second AAA server is a service provider server and is not located 
within said virtual private network; 

means for associating the remote user with the virtual private network, at the virtual 
home gateway, wherein means for associating the remote user comprises means for receiving a 
virtual private network [[ID]] identification (ID) and address of the first AAA server;

means for performing a lookup for an address of the first AAA server at the virtual home 
gateway; 

means for sending a request to authenticate the remote user with said virtual private 
network from the virtual home gateway to the first AAA server located within the virtual private 
network; 

means for sending a request to the second AAA server to authorize the remote user with 
the virtual private network from the virtual home gateway; 

means for connecting the remote user to the virtual private network if the first AAA 
server successfully authenticates the remote user and if the second AAA server successfully 
authorizes the remote user; and 

means for sending accounting information directly to the first AAA server and the second 
AAA server from the virtual home gateway;

wherein authentication of said remote user is performed at the first AAA server without 
contacting the AAA server associated with the virtual home gateway.

26. Claim 26 (canceled).

27. Claim 27 (canceled). 

28. Claim 28 (currently amended): The system of claim 27 claim 25 wherein the second 
AAA server contains the address of the virtual private network's AAA server. 

Reason for Allowance 
The following is an examiner's statement of reasons for allowance: 

5. In the specification Page 14, Lines 4-5 "Additionally, a data signal embodied in a carrier 
wave (e.g., in a network including the Internet)" is being deleted. For purposes of examination, 
the deletion of such embodiments is being treated as an explicit act to remove such embodiment 
from the scope of the claims. 

6. None of the prior art of record teaches or suggests, in combination:

receiving a request from a remote user for connection with a virtual private network at a 
virtual home gateway, said virtual home gateway in communication with a second AAA server 
wherein the second AAA server is a service provider server and is not located within said virtual
private network; 

associating the remote user with the virtual private network at the virtual home gateway, 
wherein associating the remote user comprises receiving a virtual private network identification 
(ID) and address of the first AAA server; 

performing a lookup of the address of the first AAA server at the virtual home gateway;

sending a request to authenticate the remote user with said virtual private network from
the virtual home gateway to the first AAA server located within said virtual private network; and 

sending a request to the second AAA server to authorize the remote user with said virtual 
private network from the virtual home gateway; 

connecting the remote user to the virtual private network if the first AAA server 
successfully authenticates the remote user and the second AAA server successfully authorizes 
the remote user; and 

sending accounting information directly to the first AAA server and the second AAA 
server from the virtual home gateway; 

wherein authentication of the remote user is performed at the first AAA server without 
contacting the second AAA server associated with the virtual home gateway. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KAREN C. TANG whose telephone number is (571)272-3116.
The examiner can normally be reached on M-F 7-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (571)272-3964. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/051,861 Page 12

Art Unit: 2151 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/K. C. T./ 

Examiner, Art Unit 2151 



/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2151 



